A Flexible Database Security System using Multiple Access Control Policies
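Author affiliations: Research Institute of Electronics and Telecommunications Technology, Chonnam National University, 300 Yongbong-Dong, Buk-Gu, Kwangju, Republic of Korea; Department of Computer Engineering, Chonnam National University, 300 Yongbong-Dong, Buk-Gu, Kwangju, Republic of Korea
Conference: The Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies
Conference date: 2003
Subject classification: 12 [Management] 1201 [Management - Management Science and Engineering (degrees in Management or Engineering may be awarded)] 0839 [Engineering - Cyberspace Security] 08 [Engineering] 081201 [Engineering - Computer System Architecture] 0812 [Engineering - Computer Science and Technology (degrees in Engineering or Science may be awarded)]
Keywords: Database Security; Access Control; specimen and clinical information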
Abstract: Due to various requirements for user access control to large databases in hospitals and banks, database security has been *** are many security models for database systems using a wide variety of policy-based access control ***, they are not functionally enough to meet the requirements for the complicated and various types of access *** this paper, we propose a database security system that can individually control user access to data groups of various sizes and is suitable for situations where a user's access privilege to arbitrary data changes frequently. A data group d, of any size, is defined by table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and policies. The proposed system operates in two *** first phase is composed of a modified MAC (Mandatory Access Control) model and an RBAC (Role-Based Access Control) model. A user can access any data that has a lower or equal security level and that is accessible by the roles to which the user is *** types of access mode are controlled in this *** the second phase, a modified DAC (Discretionary Access Control) model is applied to re-control the 'read' mode by filtering out the non-accessible data from the result obtained at the first *** this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of *** policies represented in the form of Block(s,d,r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read' *** this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access modes can be controlled as *** implementation example for a database system that manages specimen and clinical information is presented.
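The two-phase check described in the abstract, sketched as an added example (not the paper's implementation). Assumptions: security levels are attached per table, records are keyed by an `id` column, a Block naming attributes strips those columns while a Block without attributes drops the whole record, and the `r` in Block(s,d,r) is left out because the abstract does not define it; all names and sample data are hypothetical.

```python
from collections import namedtuple

# level: higher number = higher clearance (assumption); roles: set of role names
User = namedtuple("User", "name level roles")
# s: user group (optional "level", "role", "users"); d: data group ("table",
# optional "attrs", "keys"). r of Block(s,d,r) is undefined in the abstract; omitted.
Block = namedtuple("Block", "s d")

# Constructed sample data: table -> (security level, {role: permitted modes})
TABLES = {"specimen": (1, {"technician": {"read", "write"}, "clinician": {"read"}}),
          "clinical": (2, {"clinician": {"read", "write"}})}
ALICE, BOB = User("alice", 2, {"clinician"}), User("bob", 1, {"technician"})
ROWS = [{"id": 1, "patient": "P-001", "result": "neg"},
        {"id": 2, "patient": "P-002", "result": "pos"}]
BLOCKS = [Block({"users": {"alice"}}, {"table": "clinical", "keys": {2}}),
          Block({"role": "clinician"}, {"table": "clinical", "attrs": {"result"}})]

def phase1(user, table, mode):
    """Modified MAC + RBAC: data level <= user level AND a role grants the mode."""
    level, grants = TABLES[table]
    return level <= user.level and any(mode in grants.get(r, ()) for r in user.roles)

def in_group(user, s):
    """Membership in user group s (by security level, role, or explicit users)."""
    return (s.get("level", user.level) == user.level
            and ("role" not in s or s["role"] in user.roles)
            and ("users" not in s or user.name in s["users"]))

def phase2(user, table, rows, blocks):
    """Modified DAC: filter blocked data out of a phase-1 'read' result."""
    out = []
    for row in map(dict, rows):               # copy so callers' rows stay intact
        for b in blocks:
            if b.d["table"] != table or not in_group(user, b.s):
                continue
            if "keys" in b.d and row["id"] not in b.d["keys"]:
                continue                      # policy targets other records
            if "attrs" not in b.d:
                break                         # whole record is blocked
            for a in b.d["attrs"]:
                row.pop(a, None)              # strip only the blocked attributes
        else:
            out.append(row)
    return out

def read(user, table, rows, blocks):
    if not phase1(user, table, "read"):
        raise PermissionError(f"{user.name}: read on {table} denied in phase 1")
    return phase2(user, table, rows, blocks)
```

Phase 1 decides every access mode, while the Block list only narrows what an already permitted read returns, so changing one user's visibility means editing a Block entry rather than the level or role assignments.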